Reject MIME parts with unsupported encoding
What does this MR do and why?
Contributes to #340366
Problem
Golang mime
package skips processing unsupported encodings (see
https://sourcegraph.com/github.com/golang/go@0fd0639e4c429e147d33bfc42654fcd651f4449f/-/blob/src/mime/mediatype.go?L247).
Because of that workhorse does not incercept the upload and skip sanitization for filename value.
Solution
Manually detect the charset of the filename*
and reject the upload
if charset is unsupported.
Screenshots or screen recordings
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Vasilii Iakliushin